Описание
XML External Entity Reference in drools
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
Пакеты
Наименование
org.drools:drools-core
maven
Затронутые версииВерсия исправления
<= 7.59.0.Final
7.60.0.Final
Связанные уязвимости
CVSS3: 7.5
redhat
больше 4 лет назад
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
CVSS3: 9.8
nvd
больше 3 лет назад
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.